From: Magnus Hagander
Date: Wed, 17 Apr 2024 09:03:22 +0200
Subject: Re: Non-signed packages in PostgreSQL 14 repo for RHEL 9
To: pgsql-pkg-yum
Cc: gunnar.a.andersson@trafikverket.se, webmaster@postgresql.org

Hi!

Forwarding this one to the RPM maintainers.

//Magnus

On Wed, Apr 17, 2024 at 8:58 AM <gunnar.a.andersson@trafikverket.se> wrote:

> Hi,
>
> I’m not sure where to forward this to, since it’s not a bug in PostgreSQL,
> per se.
>
> But I noticed that there are unsigned packages in this repository:
> https://download.postgresql.org/pub/repos/yum/14/redhat/rhel-9-x86_64/
>
> I’m using reposync (reposync(1) - Linux manual page (man7.org)) to mirror
> the repository but it fails with --gpgcheck since there are unsigned
> packages.
>
> This is the GPG key I’m using to verify the packages:
> https://download.postgresql.org/pub/repos/yum/keys/PGDG-RPM-GPG-KEY-RHEL
>
> Every other package in the repository is signed and works as expected.
>
> Output from reposync:
>
> (946/952): postgis33_14-devel-3.3.6-3PGDG.rhel9  23 kB/s | 8.9 kB     00:00
> (947/952): postgis33_14-client-3.3.6-3PGDG.rhel 569 kB/s | 293 kB     00:00
> (948/952): postgis33_14-3.3.6-3PGDG.rhel9.x86_6 5.6 MB/s | 4.0 MB     00:00
> (949/952): postgis33_14-gui-3.3.6-3PGDG.rhel9.x 943 kB/s | 211 kB     00:00
> (950/952): postgis33_14-docs-3.3.6-3PGDG.rhel9.  10 MB/s | 4.8 MB     00:00
> (951/952): postgis33_14-llvmjit-3.3.6-3PGDG.rhe 9.4 MB/s | 1.1 MB     00:00
> (952/952): postgis33_14-utils-3.3.6-3PGDG.rhel9 345 kB/s |  43 kB     00:00
> Removing postgis33_14-3.3.6-3PGDG.rhel9.x86_64.rpm: Package postgis33_14-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed
> Removing postgis33_14-client-3.3.6-3PGDG.rhel9.x86_64.rpm: Package postgis33_14-client-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed
> Removing postgis33_14-devel-3.3.6-3PGDG.rhel9.x86_64.rpm: Package postgis33_14-devel-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed
> Removing postgis33_14-docs-3.3.6-3PGDG.rhel9.x86_64.rpm: Package postgis33_14-docs-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed
> Removing postgis33_14-gui-3.3.6-3PGDG.rhel9.x86_64.rpm: Package postgis33_14-gui-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed
> Removing postgis33_14-llvmjit-3.3.6-3PGDG.rhel9.x86_64.rpm: Package postgis33_14-llvmjit-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed
> Removing postgis33_14-utils-3.3.6-3PGDG.rhel9.x86_64.rpm: Package postgis33_14-utils-3.3.6-3PGDG.rhel9.x86_64.rpm is not signed
> Error: GPG signature check failed.
>
> Best regards,
>
> Gunnar Andersson,
>
> Trafikverket
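
Added example, not part of the original message or of the PGDG packaging tooling: a mirror operator can list the packages that carry no signature, as in the report above, by reading the signature header at the start of each RPM file. The function names and the `build_sample` input are this example's own; the tag numbers are the RPM format's signature tags.

```python
import struct
from pathlib import Path

LEAD_MAGIC = b"\xed\xab\xee\xdb"    # start of the 96-byte RPM lead
HEADER_MAGIC = b"\x8e\xad\xe8\x01"  # start of the signature header
LEAD_SIZE = 96
# Signature-header tags holding an OpenPGP signature. Digest-only tags
# (e.g. 269 SHA1, 273 SHA256, 1004 MD5) are not signatures.
SIGNATURE_TAGS = {267: "DSA header", 268: "RSA header",
                  1002: "RSA header+payload", 1005: "DSA header+payload"}


def signature_tags(data):
    """Return the sorted OpenPGP signature tags in an RPM's signature header."""
    if len(data) < LEAD_SIZE + 16 or data[:4] != LEAD_MAGIC:
        raise ValueError("not an RPM package")
    intro = data[LEAD_SIZE:LEAD_SIZE + 16]
    if intro[:4] != HEADER_MAGIC:
        raise ValueError("signature header not found")
    nindex, _store_size = struct.unpack(">II", intro[8:16])
    index = data[LEAD_SIZE + 16:LEAD_SIZE + 16 + 16 * nindex]
    if len(index) != 16 * nindex:
        raise ValueError("truncated signature header index")
    # Each 16-byte index entry is (tag, type, offset, count), big-endian.
    tags = (struct.unpack(">IIII", index[i:i + 16])[0]
            for i in range(0, len(index), 16))
    return sorted(t for t in tags if t in SIGNATURE_TAGS)


def unsigned_packages(directory):
    """Names of *.rpm files under directory that carry no signature tag."""
    found = []
    for path in sorted(Path(directory).rglob("*.rpm")):
        with path.open("rb") as fh:
            head = fh.read(65536)  # lead + index fit well within 64 KiB
        if not signature_tags(head):
            found.append(path.name)
    return found


def build_sample(tags):
    """Constructed test input: an RPM lead plus a signature index, no payload."""
    lead = LEAD_MAGIC + bytes(LEAD_SIZE - 4)
    intro = HEADER_MAGIC + bytes(4) + struct.pack(">II", len(tags), 0)
    return lead + intro + b"".join(struct.pack(">IIII", t, 7, 0, 0) for t in tags)


if __name__ == "__main__":
    import sys
    for name in unsigned_packages(sys.argv[1]):
        print("unsigned:", name)
```

A signature tag being present only shows that the package was signed; checking that signature against the PGDG key is still the job of `rpmkeys --checksig` or reposync's `--gpgcheck`.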